Welcome to Cisco Orbital

Cisco Orbital (“Orbital”) is a new service that adds Osquery to AMP for Endpoints (AMP4E) to support detailed and fast queries for incident responders. Orbital is available to AMP Advantage customers and currently supported on 64-bit Windows 10 hosts running Version 1703 (Creators Update) or later.

About:

• What is Orbital? – What is Cisco Orbital and how can you use it?
• How Do I Get Orbital? – How can you get Orbital?
• Requirements – What do you need to use Cisco Orbital?
• Quick Start – How do you use Orbital to query AMP endpoints?
• Orbital APIs – How to write applications that use Orbital.

User Interface:

• Query – Using the Orbital Query interface to submit queries and create jobs.
• Schedule Orbital Job – Jobs are scheduled queries.
• Jobs – Using the Orbital Jobs interface to manage queries and view results.
• Assets – Using the Orbital Assets interface to examine endpoints.
• Catalog – Using the Orbital Catalog to find queries designed by Cisco to search and investigate.
• Remote Data Stores – Using the Orbital Remote Data Stores interface to send results to your choice of destinations.

Support:

• Alerts, Errors, Warnings – What errors could you see from Orbital?
• Troubleshooting – How can you fix issues with using Orbital?
• FAQ – Frequently Asked (or Anticipated) Questions about Cisco Orbital.
• Glossary – Terms specific to Orbital.